burger icon
Mr Fortune Canada
Log In

Privacy Policy

This Privacy Policy explains how Mr Fortune, operated via the website mrfortune-ca.com, collects, uses, discloses, and protects personal information of players and website visitors located in Canada (excluding Ontario). It is intended to help you understand our privacy practices so you can make informed decisions when using our services. By registering an account, using our games, or visiting our website, you consent to the practices described in this Policy, as updated from time to time. This Privacy Policy is effective and deemed applicable to processing activities up to and including 31 December 2026, unless replaced by a later version.

Who We Are

OBSERVE: Players must know the legal operator and contact points responsible for privacy.

EXPAND: We identify the operating company, its registration and licensing details, and a clear privacy contact channel.

REFLECT: This enables you to exercise rights and understand who controls your data.

The Mr Fortune service available at mrfortune-ca.com is operated by:

  • Operator: Green Feather Online Limited
  • Registered office / legal address: 97 Windsor Street, Sliema, SLM 1853, Malta
  • Company registration number: C80735 (Malta)
  • Gaming licence: Malta Gaming Authority (MGA) Remote Gaming Licence MGA/B2C/445/2017, issued to Green Feather Online Limited

For the purposes of applicable data protection laws, Green Feather Online Limited acts as the data controller for personal information processed in connection with Mr Fortune and the mrfortune-ca.com website as offered to Canadian users (outside Ontario).

Data Protection Contact

We have appointed a data protection contact point for privacy-related matters. You may reach us at:

  • Email: [email protected] (or the contact form available on our website, where implemented)
  • Postal address: Data Protection Officer, Green Feather Online Limited, 97 Windsor Street, Sliema, SLM 1853, Malta

Any reference in this Policy to "we", "us", or "our" refers to Green Feather Online Limited acting in connection with mrfortune-ca.com.

What Personal Data We Collect

OBSERVE: Online casinos must collect identity, financial, technical, and behavioural data to operate legally and securely.

EXPAND: We group data into categories and explain typical examples and sources (you, devices, third parties).

REFLECT: This helps you understand the scope of data processed and how it relates to legal and contractual obligations.

Account and Identification Data

  • Basic registration data: full name, date of birth, country and province/territory of residence, address, username, password, security questions, email address, phone number.
  • Verification (KYC/AML) data: copies or details of identification documents (e.g., passport, ID card, driving licence), proof of address (utility bill, bank statement), source-of-funds/source-of-wealth information, occupation, and any photographs or video identification where required.

Financial and Transaction Data

  • Payment details: limited payment instrument details provided to process deposits and withdrawals (e.g., masked card numbers, IBAN or account ID, Interac/iDebit/Instadebit identifiers), payment provider, currency (including CAD).
  • Transaction history: deposits, withdrawals, chargebacks, refunds, bonus redemptions, account balances, and related correspondence.

Gaming and Behavioural Data

  • Gameplay information: game sessions, time and duration of play, stakes, wins and losses, betting patterns, bonus usage and wagering progress.
  • Responsible gambling data: self-imposed or system-imposed limits, self-exclusion details, time-out periods, reality checks, and any information related to gambling-related harm assessments.
  • Interaction data: clicks, navigation paths, pages viewed, response to offers and campaigns, communications with customer support (emails, chat logs, call notes where applicable).

Technical and Device Data

  • Technical identifiers: IP address, device identifiers, browser type and version, operating system, language settings, time zone, approximate location derived from IP (country/region).
  • Log and diagnostics data: login timestamps, security logs, access attempts (successful and failed), session IDs, crash logs and performance data.

Marketing and Preference Data

  • Marketing preferences: opt-ins/opt-outs for email, SMS, push notifications, and in-account messaging.
  • Profile data: your stated preferences, feedback, survey responses, and inferred interests based on your usage of the service, where permitted by law.

Cookies and Similar Technologies

  • Cookie data: unique cookie identifiers, session tokens, remember-me tokens, and similar information stored through cookies, local storage, or similar technologies in your browser or device.
  • Analytics and tracking data: aggregated statistics about user behaviour on our website, including via third-party analytics, subject to your consent where required.

We may combine information from different sources (e.g., registration data, gameplay data, payment information, and third-party checks) for the purposes described in this Policy, always in line with applicable law.

Legal Basis for Processing

OBSERVE: Operating an online casino for Canadian users under an MGA licence involves multiple legal grounds for processing.

EXPAND: We align our practices with core principles found in the EU GDPR and comparable Canadian privacy principles (including PIPEDA and substantially similar provincial laws), even though our corporate domicile is Malta.

REFLECT: This section clarifies why we are legally allowed to process your data and on what basis you may exercise specific rights.

Contractual Necessity

  • To create and manage your account, verify your age and eligibility, and provide access to our games and services.
  • To process deposits and withdrawals, manage your wallet, credit bonuses, and settle bets and winnings.
  • To provide customer support, handle your requests, and communicate service-related information (e.g., technical notices, changes to terms).

Compliance with Legal and Regulatory Obligations

  • To comply with anti-money laundering (AML) and counter-terrorist financing (CTF) regulations, including identity verification, transaction monitoring, source-of-funds checks, and reporting suspicious activity to competent authorities, where required.
  • To meet responsible gambling obligations imposed by our regulator (Malta Gaming Authority) and relevant standards for Canadian players, such as monitoring for problematic gambling behaviour and applying interventions.
  • To comply with record-keeping, tax, accounting, and gaming regulations applicable to our licensed operations.

Legitimate Interests

  • To secure our services, including fraud prevention, network and information security, prevention of abuse, chargebacks, and misuse of bonuses, provided such interests are not overridden by your rights.
  • To perform analytics and business intelligence in order to understand usage patterns, improve the performance and features of our website and games, and plan our operations.
  • To establish, exercise, or defend legal claims in case of disputes, regulatory inquiries, or litigation.

Consent

  • For direct marketing communications (email, SMS, push notifications) where required by applicable law, we rely on your explicit consent. You may withdraw this consent at any time.
  • For optional cookies and similar technologies used for advertising or advanced analytics, we will request your consent where legally required.

Where we rely on legitimate interests, we have balanced these interests against your rights and freedoms and implemented safeguards such as data minimisation, pseudonymisation where appropriate, and strict access controls.

Purpose of Processing

OBSERVE: Players must understand how each major category of data is used.

EXPAND: We clearly link processing purposes with our services, legal duties, and business operations.

REFLECT: This transparency supports informed consent and responsible use of our platform.

Provision and Management of Casino Services

  • Setting up and managing your player account, including authentication, security, and account configuration.
  • Providing access to casino games and related functionalities, processing in-game actions, stakes, and results.
  • Administering financial transactions, including deposits, withdrawals, bonuses, and cashback.

Compliance, Risk Management, and Responsible Gambling

  • Conducting KYC, AML/CTF, and fraud checks, and monitoring transactions and gameplay to detect suspicious activities.
  • Implementing responsible gambling measures, including self-exclusion, deposit/ wager limits, time limits, and behavioural monitoring to help prevent gambling-related harm.
  • Maintaining records necessary for regulatory, tax, and auditing purposes.

Service Improvement and Analytics

  • Analysing aggregated and pseudonymised data to improve our games and website, user experience, and technical performance.
  • Testing new features, personalising content, and optimising our interfaces and offers (within the boundaries of consent and legitimate interest).

Marketing and Promotions

  • Sending promotional communications (where permitted and subject to your preferences), such as welcome offers, bonuses, tournaments, and news about Mr Fortune.
  • Conducting segmentation and profiling for marketing purposes, to present more relevant offers, subject to applicable law and your rights.

Security and Dispute Resolution

  • Ensuring the security and integrity of our systems, detecting and preventing cyberattacks, unauthorised access, or cheating.
  • Handling complaints and disputes, including those escalated to our regulator (Malta Gaming Authority) or ADR bodies such as eCOGRA or MADRE, and defending our legal interests.

Disclosure & Sharing

OBSERVE: Data must often be shared with third parties to operate an online casino.

EXPAND: We identify the main categories of recipients and the conditions under which sharing occurs.

REFLECT: This allows you to understand who may access your information and why.

Service Providers and Technical Partners

  • Payment processors and financial institutions: to process deposits, withdrawals, and refunds (e.g., card acquirers, Interac, iDebit, Instadebit, banks, and similar providers).
  • Game providers and platform vendors: to deliver casino games and related features while respecting regulatory requirements.
  • IT, hosting, and security providers: for data hosting, backup, security monitoring, and technical support.
  • Analytics and marketing tools: to support analytics, campaign management, and communications, subject to applicable consent and opt-out mechanisms.

Group Entities and Affiliates

  • Other brands or sites operated by Green Feather Online Limited (for example, certain sister sites sharing backend infrastructure) may receive limited data where necessary to provide shared services, ensure consistent security controls, or comply with regulatory requirements.
  • Selected marketing affiliates and advertising networks may receive limited pseudonymised or aggregated data for tracking performance of campaigns and attribution, where you have consented and where allowed by law.

Regulators, Authorities, and Dispute Resolution Bodies

  • Regulators and law enforcement: including the Malta Gaming Authority, financial intelligence units, tax and other supervisory authorities, where we are legally required to provide information or where doing so is necessary to protect our rights or the rights of others.
  • Alternative Dispute Resolution (ADR) bodies: such as eCOGRA and MADRE, if you escalate a complaint and your case requires sharing relevant account, transaction, and communication records.

Business Transfers

  • In connection with any merger, acquisition, restructuring, or sale of all or part of our business, personal data may be transferred to the relevant third parties, subject to appropriate confidentiality and data protection safeguards.

We do not sell your personal data to third parties for their independent marketing purposes. All third parties receiving personal data act either as data processors under our instructions or as independent controllers with their own legal obligations.

International Transfers

OBSERVE: Data may move between Malta, the EU/EEA, Canada, and other jurisdictions via our providers.

EXPAND: We describe the safeguards used for such transfers, aligned with GDPR-style standards and Canadian expectations for cross-border processing.

REFLECT: This explains how we protect your information even when processed outside your home jurisdiction.

Your personal data may be transferred to and processed in countries outside your province/territory of residence, including:

  • Malta and other EU/EEA countries: where our headquarters, servers, and some service providers are located.
  • Canada: where certain payment processors, banks, and service providers are based or operate.
  • Other countries: where specific technical or support providers maintain infrastructure (for example, cloud hosting or communications tools), which may be located in or outside the EU/EEA.

Where personal data is transferred from the EU/EEA or Malta to a country that has not been recognised as providing an adequate level of data protection, we implement appropriate safeguards, such as:

  • Standard Contractual Clauses (SCCs) or equivalent contractual mechanisms approved by relevant regulators.
  • Technical and organisational measures, including encryption, strict access controls, and data minimisation.
  • Internal policies ensuring that processors and partners maintain robust security and confidentiality standards.

By using our services, you understand that your data may be processed in these jurisdictions. Regardless of location, we take reasonable steps to ensure that your information is treated securely and in accordance with this Privacy Policy.

Data Retention

OBSERVE: Gaming and AML regulations require data to be kept for defined periods; privacy laws require no longer than necessary.

EXPAND: We specify typical retention periods and criteria for deletion or anonymisation.

REFLECT: This balances legal obligations with your expectation of limited retention.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for legal, regulatory, accounting, or reporting requirements. Typical retention periods are:

  • Account data and KYC documentation: generally kept for the duration of your active account and, after closure, for a period of up to 5 to 7 years, depending on applicable AML, gaming, and accounting laws and limitation periods.
  • Transaction and gameplay records: retained for at least 5 years following the relevant transaction or account closure, as required for AML and regulatory audits.
  • Marketing data: retained while you remain opted-in and for a limited period (typically up to 2 years) after your last interaction with us, unless you withdraw consent earlier.
  • Technical logs and security data: retained for a shorter period, typically from a few months up to 2 years, unless needed longer for security investigations or legal proceedings.

After the applicable retention period expires, or once the data is no longer needed for the purposes described, we will either:

  • Securely delete or destroy the personal data; or
  • Anonymise the data so that it can no longer be associated with any identifiable individual and may be used for statistical or analytical purposes.

Where you request deletion of your data, we will comply to the extent permitted by law and our regulatory obligations. Certain records may need to be retained despite a deletion request (for example, where required by AML rules or to defend legal claims).

Your Rights

OBSERVE: Individuals require clear information about their privacy rights and how to exercise them.

EXPAND: Although we operate under Maltese and MGA oversight, we seek alignment with key principles similar to those found in the EU GDPR and leading privacy frameworks applicable to Canadian residents.

REFLECT: We provide practical procedures, timeframes, and cost-free guarantees for rights requests.

Core Privacy Rights

  • Right of access: you may request confirmation whether we process your personal data and obtain a copy of such data, together with relevant information about the processing.
  • Right to rectification: you may request correction of inaccurate or incomplete personal data (for example, an incorrect address or outdated contact details).
  • Right to erasure ("right to be forgotten"): you may request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent (where processing was based on consent), or when processing is unlawful, subject to our legal obligations to retain certain records.
  • Right to restriction: you may request that we restrict processing of your data in certain situations (for example, while we verify the accuracy of data or where you have objected to processing).
  • Right to object: you may object, on grounds relating to your particular situation, to certain processing based on our legitimate interests, including profiling. We will stop such processing unless we demonstrate compelling legitimate grounds or need the data for legal claims.
  • Right to data portability: where legally applicable, you may request to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, and to have it transmitted to another controller where technically feasible.
  • Right to withdraw consent: where processing is based on your consent (for example, for direct marketing), you can withdraw that consent at any time, without affecting the lawfulness of processing before withdrawal.
  • Marketing preferences: you may opt out of receiving marketing communications at any time using the unsubscribe link included in our messages or through your account settings.

How to Exercise Your Rights

  1. Submit a request: Contact us by email at [email protected] or via any dedicated privacy/contact form on mrfortune-ca.com. Please specify the right you wish to exercise and provide sufficient information for us to verify your identity and locate your data (e.g., username, registered email, province, and country).
  2. Verification: For your security, we may request additional information or documentation to confirm your identity before responding to your request.
  3. Response timeframe: We aim to respond to all legitimate requests within 30 days of receipt. If your request is particularly complex or we receive numerous requests, this period may be extended where permitted by law; in such cases we will inform you of the delay.
  4. Fees: Requests are generally handled free of charge. However, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded, repetitive, or excessive, where allowed by law.

Please note that certain rights may be limited by our regulatory and legal obligations. For example, we may decline a request to delete data that must be retained for AML, gaming regulation, or legal defence purposes.

Cookies & Tracking Technologies

OBSERVE: Our website uses cookies to provide, secure, and improve services.

EXPAND: We explain types of cookies, their purposes, and how to manage them.

REFLECT: This allows you to make informed choices about tracking technologies.

Types of Cookies We Use

  • Strictly necessary cookies (session cookies): essential to operate the website and enable core functions, such as logging in, maintaining your session, and processing transactions. These are typically session-based and expire when you close your browser.
  • Functional cookies (persistent cookies): used to remember your preferences (e.g., language, region, login preferences) and to provide an enhanced, personalised experience. These may remain on your device for a defined period.
  • Analytics and performance cookies: help us understand how visitors use our website, which pages are most popular, and how users navigate our services. We use this information to improve functionality and performance. Where required, we will obtain your consent before using third-party analytics cookies.
  • Advertising and targeting cookies (third-party): used, where implemented and permitted by law, to deliver relevant advertising and track the effectiveness of marketing campaigns, often in partnership with advertising networks or affiliates. These cookies may track browsing across different websites.

Managing Cookies

  • Browser settings: most web browsers allow you to manage cookies, including blocking or deleting them. Please refer to your browser's help section for instructions.
  • On-site controls: where available, we may provide a cookie banner or preference centre on mrfortune-ca.com that allows you to accept or reject certain categories of cookies (other than strictly necessary cookies).
  • Consequences of disabling cookies: if you choose to disable or reject cookies, some features of our website or games may not function properly or may be unavailable.

Data Security

OBSERVE: Online gambling involves sensitive financial and identity data requiring strong safeguards.

EXPAND: We outline technical, organisational, and procedural measures designed to protect your data.

REFLECT: This demonstrates our commitment to confidentiality, integrity, and availability of your information.

Technical Measures

  • Encryption in transit: data transmitted between your browser and our servers is protected using up-to-date encryption protocols (such as TLS 1.2 or higher).
  • Encryption at rest: sensitive categories of data are stored using industry-standard encryption or hashing algorithms, especially passwords and certain financial identifiers.
  • Access controls: access to personal data is restricted to authorised personnel and systems on a need-to-know basis, using role-based access controls and authentication mechanisms (including multi-factor authentication where appropriate).
  • Network and system security: we employ firewalls, intrusion detection and prevention systems, vulnerability management, and regular patching to protect our infrastructure.

Organisational and Procedural Measures

  • Policies and training: staff who handle personal data receive training on data protection, confidentiality, and security best practices, and are bound by confidentiality obligations.
  • Security audits and testing: we conduct periodic internal reviews, risk assessments, and, where appropriate, external audits or penetration testing of our systems and processes.
  • Incident response: we maintain procedures to detect, investigate, and respond to suspected personal data breaches. Where required by law, we will notify relevant authorities and affected individuals of a qualifying breach without undue delay.

While we take appropriate and proportionate measures to protect your data, no system can be guaranteed to be completely secure. You are responsible for keeping your account credentials confidential and for using appropriate security measures on your own devices.

Complaints & Contacts

OBSERVE: Users need clear channels to raise privacy concerns and complaints.

EXPAND: We describe internal procedures and escalation routes to supervisory bodies where applicable.

REFLECT: This ensures transparency and promotes accountable handling of personal data.

Contacting Us

If you have questions about this Privacy Policy or our data practices, or if you wish to submit a request or complaint, you can contact us via:

  • Email: [email protected]
  • Postal address: Data Protection Officer, Green Feather Online Limited, 97 Windsor Street, Sliema, SLM 1853, Malta

Internal Complaint Handling

  1. Submit your complaint: send us a detailed description of your concern, including relevant account information and any supporting documentation.
  2. Acknowledgement: we aim to acknowledge receipt of your complaint within 5 business days.
  3. Investigation and response: we will investigate your complaint and aim to provide a substantive response within 30 days. If more time is required due to complexity, we will inform you of the delay and the expected timeframe.
  4. Further steps: if you are not satisfied with our response, you may escalate your complaint through any external avenues available under your local laws or through our gaming regulator or ADR bodies for gambling-related disputes (note that these bodies primarily handle gaming fairness and contractual disputes rather than pure privacy complaints).

Depending on your place of residence, you may have the right to lodge a complaint with your local privacy or data protection authority or, where applicable, the authority in our jurisdiction of establishment. We encourage you to contact us first so we can attempt to resolve your concern directly.

Updates

OBSERVE: Privacy practices may evolve due to regulatory, technical, or business changes.

EXPAND: We explain how we will inform you about updates, maintain version control, and allow you to react.

REFLECT: This ensures ongoing transparency and informed use of our services.

Changes to This Privacy Policy

  • We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal or regulatory requirements, or other operational needs.
  • Each version of the Policy will be identified by the "Last updated" date indicated below.

Notification of Material Changes

  • Where we make material changes that significantly affect how we process your personal data or your rights, we will provide additional notice by appropriate means, such as:
    • Email notifications sent to the address associated with your account;
    • Prominent notices or banners displayed on mrfortune-ca.com or within your account dashboard; and/or
    • In-product messages at login.
  • Where required or appropriate, we will provide at least 30 days' advance notice of significant changes before they take effect, to allow you to review the updated Policy.

Your Options in Case of Changes

  • If you do not agree with the updated Privacy Policy, you may choose to close your account and stop using our services. We will then process your data in accordance with the version of the Policy that applied at the time of collection and our retention obligations.
  • By continuing to use our services after the effective date of the updated Policy, you acknowledge that you have read and understood the changes.

Last updated: November 2025 (applicable and extended through 2026, subject to further updates published on this page).